Accessing Amazon Web Services services with temporary credentials
The result of a successful authentication with an identity pool is a set of Amazon credentials. With these credentials, your application can make requests to Amazon resources that are protected with IAM authentication. With the various Amazon SDKs that you can add to your applications to access identity pools API operations, you can make unauthenticated API requests that produce temporary credentials. Then you can add SDKs for other Amazon Web Services services to your client and sign requests with those temporary credentials. The IAM permissions granted to your temporary-credentials role must permit the operations that you request from other services.
After you configure your Amazon Cognito credentials provider and retrieve Amazon credentials, create an Amazon Web Services service client. The following are some examples from Amazon SDK documentation.
Amazon SDK resources for creating a client
-
Amazon Client configuration in the Amazon SDK for C++ Developer Guide
-
Using the Amazon SDK for Go V2 with Amazon Web Services services
in the Amazon SDK for Go Developer Guide -
Configuring HTTP clients in the Amazon SDK for Java 2.x Developer Guide
-
Creating and calling service objects in the Amazon SDK for JavaScript Developer Guide
-
Creating clients
in the Amazon SDK for Python (Boto3) documentation -
Creating a service client in the Amazon SDK for Rust Developer Guide
-
Using clients in the Amazon SDK for Swift Developer Guide
The following snippet initializes an Amazon DynamoDB client:
To use a Amazon Cognito identity pool in an Android app, set up Amazon Amplify. For more
information, see Authentication
// Create a service client with the provider AmazonDynamoDB client = new AmazonDynamoDBClient(credentialsProvider);
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.
To use a Amazon Cognito identity pool in an iOS app, set up Amazon Amplify. For more
information, see Swift
Authentication
// create a configuration that uses the provider AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionUSEast1 provider:credentialsProvider]; // get a client with the default service configuration AWSDynamoDB *dynamoDB = [AWSDynamoDB defaultDynamoDB];
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.
To use a Amazon Cognito identity pool in an iOS app, set up Amazon Amplify. For more
information, see Swift
Authentication
// get a client with the default service configuration let dynamoDB = AWSDynamoDB.default() // get a client with a custom configuration AWSDynamoDB.register(with: configuration!, forKey: "USWest2DynamoDB"); let dynamoDBCustom = AWSDynamoDB(forKey: "USWest2DynamoDB")
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.
// Create a service client with the provider var dynamodb = new AWS.DynamoDB({region: 'us-west-2'});
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited-privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.
The Amazon SDK for
Unity is now part of the Amazon SDK for .NET. To get started with
Amazon Cognito in the Amazon SDK for .NET, see Amazon Cognito credentials
provider in the Amazon SDK for .NET Developer Guide. Or see Amplify Dev Center
// create a service client that uses credentials provided by Cognito AmazonDynamoDBClient client = new AmazonDynamoDBClient(credentials, REGION);
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited-privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.
The Amazon SDK for Xamarin is now part of the Amazon SDK for .NET. To get started with
Amazon Cognito in the Amazon SDK for .NET, see Amazon Cognito credentials
provider in the Amazon SDK for .NET Developer Guide. Or see Amplify Dev Center
// create a service client that uses credentials provided by Cognito var client = new AmazonDynamoDBClient(credentials, REGION)
The credentials provider communicates with Amazon Cognito, retrieving both the unique identifier for authenticated and unauthenticated users as well as temporary, limited-privilege Amazon credentials for the Amazon Mobile SDK. The retrieved credentials are valid for one hour, and the provider refreshes them when they expire.